(57) Abstract:

PROBLEM TO BE SOLVED: To provide a method and an apparatus for authentication
in a wireless LAN system which can concurrently achieve an authentication procedure
and delivery of an encryption key that stays concealed between only the parties
performing wireless communication, and which can simplify each subsequent
authentication procedure to the same AP (a base station) performed by an STA (a
mobile terminal) that completed initial authentication and then had that
authentication released.
SOLUTION: The STA searches whether the MAC address of the AP with which it intends
to perform wireless communication exists in an AP information managing table
maintained by the STA. If the MAC address does not exist in the AP information
managing table, a request for authenticating a public key is transmitted to the AP. If
the MAC address exists in the AP information managing table, a request for
re-authenticating the public key is transmitted to the AP.
CLAIMS



[Claim(s)] 

[Claim 1] An authentication approach in a wireless LAN system, characterized in that
an STA (mobile terminal station) searches whether the MAC Address of the AP (base
station) with which it is going to perform radio communication exists in an AP
information management table which said STA holds; when said MAC Address does not
exist in said AP information management table, said STA performs a public key
authentication demand to said AP, and said AP authenticates said STA when said public
key authentication demand is appropriate; and when said MAC Address exists in said AP
information management table, said STA performs a public key reconfirmation
certificate demand to said AP, and said AP authenticates said STA when said public
key reconfirmation certificate demand is appropriate.

[Claim 2] The authentication approach in the wireless LAN system according to claim 1,
characterized in that said AP information management table holds the MAC Address of
each AP to which said STA made said public key authentication demand and for which
this public key authentication has been completed, in order of the most recently
completed authentication.

[Claim 3] The authentication approach in a wireless LAN system according to claim 1 or
claim 2, characterized in that said AP holds an AP private key which is its own
private key, an AP public key which is the public key corresponding to said AP private
key, and an AP user certificate which is its own user certificate with said AP public
key attached; and said STA holds an STA private key which is its own private key, an
STA public key which is the public key corresponding to said STA private key, and an
STA user certificate which is its own user certificate with said STA public key
attached.
[Claim 4] The authentication approach in the wireless LAN system according to claim 3,
characterized in that the step in which said STA makes said public key authentication
demand to said AP is constituted by a public key authentication procedure; said public
key authentication procedure consists of: a step in which said STA makes an
authentication demand to said AP; a step in which said AP, having received said
authentication demand, transmits said AP user certificate to said STA; a step in which
said STA, having received said AP user certificate, verifies said AP user certificate,
then enciphers said STA user certificate using said AP public key attached to said AP
user certificate to draw up an encryption STA user certificate, and transmits said
encryption STA user certificate to said AP; and a step in which said AP, having
received said encryption STA user certificate, decrypts it with said AP private key to
reproduce said STA user certificate, verifies said STA user certificate, then enciphers
the common key which said AP generated using said STA public key attached to said STA
user certificate to create an encryption common key, transmits said encryption common
key to said STA, and notifies authentication authorization; and said STA, having
received said encryption common key, decrypts said encryption common key with said STA
private key, reproduces said common key, and uses this common key for subsequent frame
encryption communication.

[Claim 5] The authentication approach in the wireless LAN system according to claim 4,
characterized in that the value of Algorithm Number in the frame body section of the
MAC frame transmitted and received when said STA makes said public key authentication
demand to said AP is an arbitrary number "n" which is not "0" or "1."

[Claim 6] The authentication approach in the wireless LAN system according to claim 5,
characterized in that said AP holds a public key managed table, and said public key
managed table holds, in order of the newest authentication authorization, the MAC
Address of each said STA to which said AP has notified authentication authorization in
the past, said STA public key of this STA, and the common key which said AP generated
and issued at the time of authentication authorization of this STA.

[Claim 7] The authentication approach in the wireless LAN system according to claim 6,
characterized in that the step in which said STA makes said public key reconfirmation
certificate demand to said AP is constituted by a public key reconfirmation certificate
procedure; said public key reconfirmation certificate procedure consists of: a step in
which said STA makes a reconfirmation certificate demand to said AP; and a step in
which said AP, having received said reconfirmation certificate demand, searches whether
the MAC Address of said STA which transmitted said public key reconfirmation
certificate demand exists in said public key managed table which said AP holds, and,
when the search shows that the MAC Address of said STA exists in said public key
managed table and it is confirmed that said STA public key corresponding to this MAC
Address is held in said public key managed table, generates a new common key assigned
to the STA concerned, enciphers this new common key with said STA public key to
generate an encryption new common key, transmits this encryption new common key to
said STA, and notifies authentication authorization; and said STA, having received said
encryption new common key, decrypts said encryption new common key with said STA
private key, reproduces said new common key, and uses this new common key for
subsequent frame encryption communication.
[Claim 8] The authentication approach in the wireless LAN system according to claim 7,
characterized in that the value of Algorithm Number in the frame body section of the
MAC frame transmitted and received when said STA makes said public key reconfirmation
certificate demand to said AP is an arbitrary number "m" which is not "0", "1", or "n."

[Claim 9] Authentication equipment in a wireless LAN system, characterized by having:
an STA (mobile terminal station) which searches whether the MAC Address of the AP
(base station) with which it is going to perform radio communication exists in an AP
information management table which the STA itself holds, performs a public key
authentication demand to said AP when said MAC Address does not exist in said AP
information management table, and performs a public key reconfirmation certificate
demand to said AP when said MAC Address exists in said AP information management
table; and said AP, which authenticates said STA when said public key authentication
demand or said public key reconfirmation certificate demand from said STA is
appropriate.

[Claim 10] The authentication equipment in the wireless LAN system according to claim
9, characterized in that said AP information management table holds the MAC Address of
each AP to which said STA made said public key authentication demand and for which
this public key authentication has been completed, in order of the most recently
completed authentication.

[Claim 11] The authentication equipment in a wireless LAN system according to claim 9
or claim 10, characterized in that said AP holds an AP private key which is its own
private key, an AP public key which is the public key corresponding to said AP private
key, and an AP user certificate which is its own user certificate with said AP public
key attached; and said STA holds an STA private key which is its own private key, an
STA public key which is the public key corresponding to said STA private key, and an
STA user certificate which is its own user certificate with said STA public key
attached.
[Claim 12] The authentication equipment in the wireless LAN system according to claim
11, characterized in that, when said STA makes said public key authentication demand to
said AP: said STA makes an authentication demand to said AP; said AP, having received
said authentication demand, transmits said AP user certificate to said STA; said STA,
having received said AP user certificate, verifies said AP user certificate, then
enciphers said STA user certificate using said AP public key attached to said AP user
certificate to draw up an encryption STA user certificate, and transmits said
encryption STA user certificate to said AP; said AP, having received said encryption
STA user certificate, decrypts it with said AP private key to reproduce said STA user
certificate, verifies said STA user certificate, then enciphers the common key which
said AP generated using said STA public key attached to said STA user certificate to
create an encryption common key, transmits said encryption common key to said STA, and
notifies authentication authorization; and said STA, having received said encryption
common key, decrypts said encryption common key with said STA private key, reproduces
said common key, and uses this common key for subsequent frame encryption
communication.

[Claim 13] The authentication equipment in the wireless LAN system according to claim
12, characterized in that the value of Algorithm Number in the frame body section of
the MAC frame transmitted and received when said STA makes said public key
authentication demand to said AP is an arbitrary number "n" which is not "0" or "1."

[Claim 14] The authentication equipment in the wireless LAN system according to claim
13, characterized in that said AP holds a public key managed table, and said public key
managed table holds, in order of the newest authentication authorization, the MAC
Address of each said STA to which said AP has notified authentication authorization in
the past, said STA public key of this STA, and the common key which said AP generated
and issued at the time of authentication authorization of this STA.

[Claim 15] The authentication equipment in the wireless LAN system according to claim
14, characterized in that, when said STA makes said public key reconfirmation
certificate demand to said AP: said STA makes a reconfirmation certificate demand to
said AP; said AP, having received said reconfirmation certificate demand, searches
whether the MAC Address of said STA which transmitted said public key reconfirmation
certificate demand exists in said public key managed table which said AP holds, and,
when the search shows that the MAC Address of said STA exists in said public key
managed table and it is confirmed that said STA public key corresponding to this MAC
Address is held in said public key managed table, generates a new common key assigned
to the STA concerned, enciphers this new common key with said STA public key to
generate an encryption new common key, transmits this encryption new common key to
said STA, and notifies authentication authorization; and said STA, having received said
encryption new common key, decrypts said encryption new common key with said STA
private key, reproduces said new common key, and uses this new common key for
subsequent frame encryption communication.
[Claim 16] The authentication equipment in the wireless LAN system according to claim
15, characterized in that the value of Algorithm Number in the frame body section of
the MAC frame transmitted and received when said STA makes said public key
reconfirmation certificate demand to said AP is an arbitrary number "m" which is not
"0", "1", or "n."



DETAILED DESCRIPTION 



[Detailed Description of the Invention] 
[0001] 

[Field of the Invention] This invention relates to an authentication approach and
authentication equipment in a wireless LAN system, and in particular, in a wireless
LAN system which enciphers data and communicates by radio, to an authentication
approach and authentication equipment which make it possible to carry out at the same
time authentication and delivery of the encryption key with secrecy held between only
the parties performing radio communication.
[0002]

[Description of the Prior Art] In a wireless LAN (Local Area Network) system,
encryption of the data frames transmitted and received is becoming an indispensable
condition for holding the secrecy of the data transmitted and received.
[0003] Standardization of the cipher system in wireless LAN systems has so far been
studied mainly by the IEEE (Institute of Electrical and Electronics Engineers, U.S.)
802 committee, and IEEE802.11, which is its standard specification, adopts the Shared
Key (common key) authentication method as one of the methods of encryption and
authentication for the wireless section in wireless LAN.

[0004] In the Shared Key method, AP (Access Point) 1 as a base station of wireless
LAN and STA (Station) 2 as a mobile terminal station, as shown in drawing 1, either
use one kind of common key which can be held for every communications partner or,
when that one kind of common key is not held, hold four kinds of common keys as key
information common to both, and select one of the four common keys when frame
encryption communication is performed. However, the delivery approach for the
encryption key is not defined in IEEE802.11 and is implementation dependent.
[0005] The authentication procedure in the Shared Key method is explained with
reference to drawing 10 and drawing 11.

[0006] Drawing 10 is a drawing showing the authentication procedure in the Shared Key
method, and drawing 11 is a drawing showing the frame body section of the frame
format transmitted and received in the authentication procedure of the Shared Key
method.

[0007] In drawing 10, STA2, which makes the authentication demand by the Shared Key
method to AP1, transmits authentication frame 1 to AP1 (step S1). The frame body
section of authentication frame 1 has the format shown in (1) authentication frame 1
of drawing 11: Algorithm Number (algorithm number) 11-1-1 is set to "1" and
Transaction Sequence Number (transaction sequence number) 11-1-2 is set to "1." In
addition, for authentication in the Shared Key method, Algorithm Number 11-1-1 to
11-4-1 is defined to be always "1."

[0008] AP1, which received the authentication demand from STA2 at step S1, transmits
a random bit string called Challenge Text (challenge text) to STA2 using
authentication frame 2 (step S2). Authentication frame 2 has the format shown in (2)
authentication frame 2 of drawing 11: Algorithm Number 11-2-1 is "1" as mentioned
above, Transaction Sequence Number 11-2-2 is "2", and the Challenge Text is inserted
in Challenge Text element (challenge text element) 11-2-4.

[0009] STA2, which received authentication frame 2 from AP1 at step S2, enciphers
with one of the common keys the Challenge Text received from AP1 and the ICV
(Integrity Check Value) equivalent to the CRC32 (Cyclic Redundancy Code 32bits)
calculation result of this Challenge Text (step S3). It then transmits the enciphered
Challenge Text and ICV to AP1 using authentication frame 3, together with the IV
(Initialization Vector), which is the key information on the common key used (step
S4). Authentication frame 3 has the format shown in (3) authentication frame 3 of
drawing 11: Algorithm Number 11-3-1 is "1" as mentioned above, Transaction Sequence
Number 11-3-2 is "3", and IV 11-3-3, Challenge Text element (enciphered Challenge
Text) 11-3-4, and ICV 11-3-5 are added.

[0010] AP1, which received authentication frame 3 in step S4, decrypts the encrypted
section of the received frame using the common key corresponding to the key
information in the received frame (IV 11-3-3), and checks that the ICV computed from
the decryption result matches the ICV in the received frame (ICV 11-3-5) and that the
plaintext obtained from the decryption result matches the Challenge Text transmitted
at step S2 (step S5). When these matches are confirmed, it transmits authentication
frame 4 to STA2 and notifies the completion of authentication (step S6).
Authentication frame 4 has the format shown in (4) authentication frame 4 of drawing
11: Algorithm Number 11-4-1 is "1" as mentioned above, Transaction Sequence Number
11-4-2 is "4", and Status Code (status code) 11-4-9 is added. In addition, Status Code
11-1-9, Status Code 11-2-9, Status Code 11-3-9, and Status Code 11-4-9 shown in
drawing 11 are information fields for notifying the communications partner of whether
frame reception succeeded and the like.

[0011] By the above operation, the authentication procedure in the Shared Key method
is completed, and frame encryption communication using a common key is performed
thereafter between STA2 and AP1.

[0012] Many techniques have been proposed for authentication and key delivery in the
Shared Key method. One is to have a third party other than the communicating parties
(for example, a key management server) intervene, and another is to exchange
confidential information between only the communicating parties. As an example of the
former, "the authentication approach in a wireless LAN system and authentication
equipment" given in JP,2001-111544,A is known, and this official report discloses a
technique of performing encryption authentication with an authentication server using
a common key which was distributed beforehand and held by some means. As an example
of the latter, "the mutual recognition approach and its equipment" given in
JP,11-191761,A is known, and this official report discloses a technique of checking
the validity of a public key using the Diffie-Hellman key delivery algorithm.
[0013] 

[Problem(s) to be Solved by the Invention] The system using the key management
server, mentioned above as the first example, has the fault that the authentication
procedure accompanied by encryption becomes complicated, because information on the
mobile terminal station is registered in the key management server beforehand and the
key delivery procedure is separated from the authentication procedure.
[0014] Moreover, the authentication procedure using the key delivery algorithm,
mentioned above as the second example, makes it possible to carry out at the same
time authentication and key delivery with secrecy held between only the communicating
parties, but the authentication procedure becomes complicated and the computation
takes much time. Also, when the authentication procedure is executed a second time
after authentication has been released, for example because communication was cut off
by a problem in the radio propagation environment, the same procedure as for
first-time authentication has to be completed, which has the fault of increasing
overhead traffic other than the original data communication.

[0015] This invention is made in order to improve the situation mentioned above. The
purpose of this invention is to offer an authentication approach and authentication
equipment in a wireless LAN system which make it possible to carry out at the same
time an authentication procedure and delivery of the encryption key with secrecy held
between only the parties performing radio communication, and which, for an STA
(mobile terminal station) that has completed first-time authentication, simplify the
second and subsequent authentication procedures to the same AP (base station) after
authentication has been released.
[0016] 

[Means for Solving the Problem] The authentication approach in the wireless LAN
system of this invention is characterized in that an STA (mobile terminal station)
searches whether the MAC Address of the AP (base station) with which it is going to
perform radio communication exists in an AP information management table which said
STA holds; when said MAC Address does not exist in said AP information management
table, said STA performs a public key authentication demand to said AP, and said AP
authenticates said STA when said public key authentication demand is appropriate; and
when said MAC Address exists in said AP information management table, said STA
performs a public key reconfirmation certificate demand to said AP, and said AP
authenticates said STA when said public key reconfirmation certificate demand is
appropriate.

[0017] Moreover, said AP information management table is characterized by holding the
MAC Address of each AP to which said STA made said public key authentication demand
and for which this public key authentication has been completed, in order of the most
recently completed authentication.

[0018] Furthermore, said AP holds an AP private key which is its own private key, an
AP public key which is the public key corresponding to said AP private key, and an AP
user certificate which is its own user certificate with said AP public key attached.
Said STA is characterized by holding an STA private key which is its own private key,
an STA public key which is the public key corresponding to said STA private key, and
an STA user certificate which is its own user certificate with said STA public key
attached.
[0019] Moreover, the step in which said STA makes said public key authentication
demand to said AP is constituted by a public key authentication procedure. Said public
key authentication procedure consists of: a step in which said STA makes an
authentication demand to said AP; a step in which said AP, having received said
authentication demand, transmits said AP user certificate to said STA; a step in which
said STA, having received said AP user certificate, verifies said AP user certificate,
then enciphers said STA user certificate using said AP public key attached to said AP
user certificate to draw up an encryption STA user certificate, and transmits said
encryption STA user certificate to said AP; and a step in which said AP, having
received said encryption STA user certificate, decrypts it with said AP private key to
reproduce said STA user certificate, verifies said STA user certificate, then enciphers
the common key which said AP generated using said STA public key attached to said STA
user certificate to create an encryption common key, transmits said encryption common
key to said STA, and notifies authentication authorization. Said STA, having received
said encryption common key, decrypts said encryption common key with said STA private
key, reproduces said common key, and is characterized by using this common key for
subsequent frame encryption communication.

[0020] Furthermore, the value of Algorithm Number in the frame body section of the
MAC frame transmitted and received when said STA makes said public key authentication
demand to said AP is characterized by being an arbitrary number "n" which is not "0"
or "1."

[0021] Moreover, said AP holds a public key managed table, and said public key managed
table is characterized by holding, in order of the newest authentication
authorization, the MAC Address of each said STA to which said AP has notified
authentication authorization in the past, said STA public key of this STA, and the
common key which said AP generated and issued at the time of authentication
authorization of this STA.

[0022] Furthermore, the step in which said STA makes said public key reconfirmation
certificate demand to said AP is constituted by a public key reconfirmation
certificate procedure. Said public key reconfirmation certificate procedure consists
of: a step in which said STA makes a reconfirmation certificate demand to said AP; and
a step in which said AP, having received said reconfirmation certificate demand,
searches whether the MAC Address of said STA which transmitted said public key
reconfirmation certificate demand exists in said public key managed table which said
AP holds, and, when the search shows that the MAC Address of said STA exists in said
public key managed table and it is confirmed that said STA public key corresponding to
this MAC Address is held in said public key managed table, generates a new common key
assigned to the STA concerned, enciphers this new common key with said STA public key
to generate an encryption new common key, transmits this encryption new common key to
said STA, and notifies authentication authorization. Said STA, having received said
encryption new common key, decrypts said encryption new common key with said STA
private key, reproduces said new common key, and is characterized by using this new
common key for subsequent frame encryption communication.
[0023] Moreover, the value of Algorithm Number in the frame body section of the MAC
frame transmitted and received when said STA makes said public key reconfirmation
certificate demand to said AP is characterized by being an arbitrary number "m" which
is not "0", "1", or "n."
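
The path selection of [0016] and the reconfirmation procedure of [0022], as an added Python illustration that is not part of the patent text. Assumptions made here: Algorithm Number values 2 and 3 for "n" and "m", a 16-byte common key, textbook RSA over fixed Mersenne primes standing in for the unspecified public key cipher, `full_auth` standing for an already verified certificate exchange, and constructed MAC addresses.

```python
import secrets
from collections import OrderedDict

# Algorithm Number values. The page only requires n not in {0, 1} and
# m not in {0, 1, n}; 2 and 3 are values assumed for this example.
ALG_PUBKEY_AUTH = 2    # "n": first-time public key authentication
ALG_PUBKEY_REAUTH = 3  # "m": public key reconfirmation (re-authentication)
KEY_LEN = 16           # common key length in bytes (assumed)


def toy_rsa_keypair(p, q, e=65537):
    """Textbook RSA from two fixed primes: illustration only, not secure."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))


def wrap_key(key, public):
    n, e = public
    return pow(int.from_bytes(key, "big"), e, n)


def unwrap_key(blob, private):
    n, d = private
    value = pow(blob, d, n)
    if value >> (8 * KEY_LEN):  # wrong private key: result is not a key
        return None
    return value.to_bytes(KEY_LEN, "big")


class AccessPoint:
    def __init__(self, mac):
        self.mac = mac
        # Public key managed table: STA MAC -> (STA public key, common key),
        # newest authorization last.
        self.public_key_table = OrderedDict()

    def _issue(self, sta_mac, sta_public):
        key = secrets.token_bytes(KEY_LEN)
        self.public_key_table[sta_mac] = (sta_public, key)
        self.public_key_table.move_to_end(sta_mac)
        return wrap_key(key, sta_public)

    def full_auth(self, sta_mac, verified_sta_public):
        # Stands for the end of the first-time procedure: the certificate
        # exchange and verification are assumed to have succeeded already.
        return self._issue(sta_mac, verified_sta_public)

    def reauth(self, sta_mac):
        entry = self.public_key_table.get(sta_mac)
        if entry is None:
            return None  # no stored public key for this MAC: refuse
        return self._issue(sta_mac, entry[0])  # fresh key, stored public key


class Station:
    def __init__(self, mac, keypair):
        self.mac = mac
        self.public, self.private = keypair
        self.ap_table = OrderedDict()  # AP information management table
        self.common_key = None

    def choose_algorithm(self, ap_mac):
        return ALG_PUBKEY_REAUTH if ap_mac in self.ap_table else ALG_PUBKEY_AUTH

    def authenticate(self, ap):
        alg = self.choose_algorithm(ap.mac)
        if alg == ALG_PUBKEY_AUTH:
            wrapped = ap.full_auth(self.mac, self.public)
        else:
            wrapped = ap.reauth(self.mac)
        key = None if wrapped is None else unwrap_key(wrapped, self.private)
        if key is not None:
            self.common_key = key
            self.ap_table[ap.mac] = True
            self.ap_table.move_to_end(ap.mac)
        return alg, key


def run_demo():
    # Constructed MAC addresses and fixed Mersenne primes, for the demo only.
    ap = AccessPoint("02:00:00:00:00:01")
    sta = Station("02:00:00:00:00:10", toy_rsa_keypair(2**127 - 1, 2**89 - 1))
    first = sta.authenticate(ap)
    second = sta.authenticate(ap)
    ap_key_after_second = ap.public_key_table[sta.mac][1]

    # Same MAC, different key pair, AP already listed: the AP answers, but
    # the key is wrapped for the stored public key and cannot be recovered.
    other = Station(sta.mac, toy_rsa_keypair(2**127 - 1, 2**107 - 1))
    other.ap_table[ap.mac] = True
    third = other.authenticate(ap)

    # AP has lost its table (constructed scenario): reconfirmation is refused.
    ap.public_key_table.clear()
    fourth = sta.authenticate(ap)
    return first, second, ap_key_after_second, third, fourth
```

`run_demo()` returns the Algorithm Number and recovered key for each attempt; the last two attempts return no key, which shows that the reconfirmation path depends on both tables staying in step and on possession of the STA private key.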

[0024] The authentication equipment in the wireless LAN system of this invention is
characterized by having: an STA (mobile terminal station) which searches whether the
MAC Address of the AP (base station) with which it is going to perform radio
communication exists in an AP information management table which the STA itself holds,
performs a public key authentication demand to said AP when said MAC Address does not
exist in said AP information management table, and performs a public key
reconfirmation certificate demand to said AP when said MAC Address exists in said AP
information management table; and said AP, which authenticates said STA when said
public key authentication demand or said public key reconfirmation certificate demand
from said STA is appropriate.

[0025] Moreover, said AP information management table is characterized by holding the
MAC Address of each AP to which said STA made said public key authentication demand
and for which this public key authentication has been completed, in order of the most
recently completed authentication.

[0026] Furthermore, said AP holds an AP private key which is its own private key, an
AP public key which is the public key corresponding to said AP private key, and an AP
user certificate which is its own user certificate with said AP public key attached.
Said STA is characterized by holding an STA private key which is its own private key,
an STA public key which is the public key corresponding to said STA private key, and
an STA user certificate which is its own user certificate with said STA public key
attached.
[0027] Moreover, when said STA makes said public key authentication demand to said
AP, said STA makes an authentication demand to said AP, and said AP, having received
said authentication demand, transmits said AP user certificate to said STA. Said STA,
having received said AP user certificate, verifies said AP user certificate, then
enciphers said STA user certificate using said AP public key attached to said AP user
certificate to draw up an encryption STA user certificate, and transmits said
encryption STA user certificate to said AP. Said AP, having received said encryption
STA user certificate, decrypts it with said AP private key to reproduce said STA user
certificate, verifies said STA user certificate, then enciphers the common key which
said AP generated using said STA public key attached to said STA user certificate to
create an encryption common key, transmits said encryption common key to said STA, and
notifies authentication authorization. Said STA, having received said encryption
common key, decrypts said encryption common key with said STA private key, reproduces
said common key, and is characterized by using this common key for subsequent frame
encryption communication.

[0028] Furthermore, the value of Algorithm Number in the frame body section of the
MAC frame transmitted and received when said STA makes said public key authentication
demand to said AP is characterized by being an arbitrary number "n" which is not "0"
or "1."

[0029] Moreover, said AP holds a public key managed table, and said public key managed
table is characterized by holding, in order of the newest authentication
authorization, the MAC Address of each said STA to which said AP has notified
authentication authorization in the past, said STA public key of this STA, and the
common key which said AP generated and issued at the time of authentication
authorization of this STA.

[0030] Furthermore, when said STA makes said public key re-authentication request to
said AP, said STA transmits the re-authentication request to said AP, and said AP,
having received said re-authentication request, searches whether the MAC address of
said STA that transmitted said public key re-authentication request exists in said
public key management table which said AP holds. When, as a result of the search, the
MAC address of said STA exists in said public key management table and it is confirmed
that said STA public key corresponding to this MAC address is held in said public key
management table, said AP generates a new common key for the STA concerned, encrypts
this new common key with said STA public key to generate an encrypted new common key,
transmits this encrypted new common key to said STA, and notifies authentication
authorization. Said STA, having received said encrypted new common key, decrypts it
with said STA private key to recover said new common key, and uses this new common key
for subsequent frame-encrypted communication.

[0031] Moreover, the value of Algorithm Number in the frame body section of the
MAC frame transmitted and received when said STA makes said public key
re-authentication request to said AP is an arbitrary number "m" that is not "0", "1",
or "n".
[0032] 

[Embodiment of the Invention] Next, embodiments of this invention are explained
with reference to the drawings.

[0033] Fig. 1 is a block diagram showing one embodiment of the authentication
apparatus in the wireless LAN system of this invention.
[0034] The embodiment shown in Fig. 1 consists of AP (Access Point) 1 as a base
station of the wireless LAN and two or more STAs (Stations) 2 (STA2-1, STA2-k) as
mobile terminal stations that belong to AP1. The embodiment shown in Fig. 1 uses the
Infrastructure method defined by IEEE802.11, and the smallest unit of such a wireless
LAN network is called a BSS (Basic Service Set) 4.

[0035] AP1 in BSS4 periodically broadcasts into BSS4 a Beacon frame containing the
information each STA2 needs to synchronize with AP1. Each STA2 in BSS4 that has
received the Beacon frame makes an authentication request to AP1 at the start of
communication and, after obtaining authentication authorization from AP1, becomes
able to communicate with AP1 by completing association processing with AP1. Moreover,
in the Infrastructure method, each STA2 in BSS4 also communicates with other STAs2 by
way of AP1.

[0036] Moreover, AP1 in Fig. 1 also serves as a Portal. Portal indicates that a
protocol conversion function for LAN protocols other than IEEE802.11 has been added to
AP1, that is, that AP1 is a base station that can connect to a wired LAN such as
Ethernet (trademark) 5.
[0037] In addition, although the embodiment shown in Fig. 1 is based on IEEE802.11,
unlike the Shared Key method (common key authentication method), this embodiment
mainly uses an authentication method based on a private key and a public key for
encryption of the wireless section and for authentication. Therefore, to distinguish it
from the Shared Key method, the authentication method of this embodiment is called
the public key authentication method for convenience.

[0038] Next, the detailed configuration of AP1 and STA2 is explained with reference
to Fig. 2.

[0039] Fig. 2 is a detailed block diagram showing an example of the AP and the STA.
[0040] In Fig. 2, the upper block diagram is AP1 and the lower block diagram is
STA2.

[0041] In AP1, higher-level protocol processing such as TCP/IP (Transmission Control
Protocol/Internet Protocol) and various applications is realized by the base station
terminal body 18 through the upper layer interface 17-1, which is the interface between
the wireless LAN card 19-1 shown in Fig. 2 and the upper layer. In STA2, a mobile
terminal body 20 such as a notebook personal computer realizes the same higher-level
protocol processing as AP1 through the upper layer interface 17-2, which is the
interface between the wireless LAN card 19-2 shown in Fig. 2 and the upper layer.

[0042] The wireless LAN card 19-1 and the wireless LAN card 19-2 shown in Fig. 2
have the same configuration. Therefore, within the wireless LAN card 19, corresponding
components are given the same reference numerals or signs.

[0043] The wireless LAN card 19 (19-1 and 19-2) shown in Fig. 2 consists of the
radio section 12, which transmits and receives frames in the wireless section; the
IEEE802.11 PHY (Physical Layer) protocol processing section 13, which performs
modulation and demodulation processing; the IEEE802.11 MAC protocol processing
section 14, which performs access control in the MAC (Medium Access Control) layer;
the upper layer processing section 15, which is realized by a built-in CPU and the
memory 16 and performs upper layer processing such as authentication processing in the
MAC layer; and the memory 16, which the upper layer processing section 15 uses.

[0044] Next, the MAC frame transmitted and received between STA2 and AP1 when STA2
requests authentication from AP1 is explained with reference to Fig. 3.

[0045] Fig. 3 is a diagram explaining the configuration of the MAC frame transmitted
and received in an authentication request between the AP and the STA.
[0046] In an authentication request from STA2 to AP1, AP1 and STA2 exchange the MAC
frame 30-1, which follows the IEEE802.11 MAC frame format shown in Fig. 3. The MAC
frame 30-1 consists of MAC Header 30-2, FrameBody 30-3, and FCS (Frame Check
Sequence) 30-4.

[0047] In the Infrastructure method, MAC Header 30-2 consists of the Frame Control
30-11 field, which indicates the frame type and control information; the Duration
30-12 field, which defines the time to wait before transmitting when the destination is
busy; the DA (Destination Address) 30-13 field, which indicates the destination address
of the frame; the SA (Source Address) 30-14 field, which indicates the source address
of the frame; the BSSID 30-15 field, which indicates the identification information of
BSS4; and the Sequence Control 30-16 field, which indicates the order of frame
transmission.

[0048] In the IEEE802.11 MAC protocol processing section 14 shown in Fig. 2, at the
time of frame transmission, the transmission request frame from the upper layer
processing section 15 is placed in FrameBody 30-3 shown in Fig. 3 and encapsulated.
MAC Header 30-2, created from the transmission request information, is added before
FrameBody 30-3, and the CRC32 (Cyclic Redundancy Code, 32 bits) calculated over MAC
Header 30-2 and FrameBody 30-3 is added after FrameBody 30-3 as FCS 30-4, producing
the MAC frame 30-1 conforming to the IEEE802.11 MAC protocol as shown in Fig. 3. Then
the IEEE802.11 PHY protocol processing section 13 shown in Fig. 2 modulates the MAC
frame 30-1, and transmission is completed by sending the MAC frame 30-1 out over the
air through the radio section 12.

[0049] In the IEEE802.11 MAC protocol processing section 14 shown in Fig. 2, at the
time of frame reception, CRC32 is calculated over the MAC frame 30-1 obtained by
demodulation in the IEEE802.11 PHY protocol processing section 13 after reception
through the radio section 12. When the value of FCS 30-4 in the received frame matches
the CRC32 calculation result, the contents of MAC Header 30-2 are analyzed, the
received frame is processed, and the FrameBody 30-3 part is passed to the upper layer
processing section 15.

[0050] Next, the public key management table and the AP information management
table, which are important components of this embodiment, are explained with reference
to Fig. 4 and Fig. 5.

[0051] Fig. 4 is a diagram explaining the public key management table which the AP
holds, and Fig. 5 is a diagram explaining the AP information management table which
the STA holds.

[0052] AP1 holds the public key management table 40 shown in Fig. 4 in the memory 16
of the wireless LAN card 19-1 shown in Fig. 2. The public key management table 40
consists of the STA MAC Address 40-1 column, which holds the MAC address (the physical
address in the MAC layer) of each STA2 to which AP1 has granted authentication
authorization in the public key authentication of this invention in the past; the
Public Key 40-2 column, which holds the public key of that STA2; and the Shared Key
40-3 column, which holds the common key that AP1 issued to that STA2 at the time of
authentication authorization. AP1 registers the rows of the public key management
table 40 in order of the most recent authentication authorization of STA2.

[0053] STA2 holds the AP information management table 50 shown in Fig. 5 in the
memory 16 of the wireless LAN card 19-2 shown in Fig. 2. The AP information
management table 50 consists of the AP MAC Address 50-1 column, which holds the MAC
address of each AP1 from which STA2 has requested the public key authentication of
this invention and with which that public key authentication has been completed. STA2
registers the rows of the AP information management table 50 in order of the most
recently completed authentication with AP1.
[0054] When registering information in the public key management table 40 explained
with Fig. 4, AP1 searches STA MAC Address 40-1, and if the same MAC address is already
registered, AP1 updates the registered contents and moves that entry to the first row
of the public key management table 40. Moreover, each time frame-encrypted
communication is carried out after public key authentication of this invention has been
completed, AP1 searches STA MAC Address 40-1 of the public key management table 40 and
moves the management information of the communicating STA2 to the first row of the
public key management table 40. Because the management information of recent
communication partners is thereby positioned toward the top of the table, when the
public key management table 40 reaches its registration limit and new information can
no longer be registered, AP1 deals with this by deleting the management information of
the communication partner with the oldest communication, which is located in the lowest
row of the public key management table 40.

[0055] Moreover, like AP1, when registering information in the AP information
management table 50 explained with Fig. 5, STA2 searches AP MAC Address 50-1, and if
the same MAC address is already registered, STA2 updates the registered contents and
moves that entry to the first row of the AP information management table 50. Moreover,
each time frame-encrypted communication is carried out after public key authentication
of this invention has been completed, STA2 searches AP MAC Address 50-1 of the AP
information management table 50 and moves the management information of the
communicating AP1 to the first row of the AP information management table 50. Because
the management information of recent communication partners is thereby positioned
toward the top of the table, when the AP information management table 50 reaches its
registration limit and new information can no longer be registered, STA2 deals with
this by deleting the management information of the communication partner with the
oldest communication, which is located in the lowest row of the AP information
management table 50.

[0056] Next, the operation of this embodiment is explained with reference to Fig. 6,
Fig. 7, Fig. 8, and Fig. 9.

[0057] In this embodiment, both AP1, which is the base station of the wireless LAN
system shown in Fig. 1, and STA2, which is a mobile terminal station, hold their own
private key, the public key corresponding to it, and a user certificate to which this
public key is attached. The user certificate is premised on the condition that the
relation between a public key and its owner (namely, AP1 or STA2) and the legitimacy
of the owner itself can be proved by a third party, typified by a certificate
authority. Below, a user certificate means a digital user certificate.

[0058] When STA2 in Fig. 1 is going to perform wireless communication through AP1,
STA2 starts by transmitting the public key authentication request of this invention to
AP1.

[0059] At the start of public key authentication, STA2 searches AP MAC Address 50-1
in the AP information management table 50 shown in Fig. 5 using the MAC address of
AP1, the destination of the authentication request. When the MAC address of the
destination AP1 does not exist in the AP information management table 50, the public
key authentication procedure shown in Fig. 6 is performed as a first-time
authentication request. When the MAC address of the destination AP1 exists, public key
authentication has been completed with that AP1 in the past, so the public key
re-authentication procedure shown in Fig. 8 is performed as a re-authentication.

[0060] First, the public key authentication procedure used for a first-time
authentication request is explained with reference to Fig. 6 and Fig. 7.

[0061] Fig. 6 is a diagram showing the public key authentication procedure, and
Fig. 7 is a diagram showing the frame body section (FrameBody 30-3 of Fig. 3) of the
MAC frames transmitted and received in the public key authentication procedure.
[0062] In Fig. 6, STA2, which makes an authentication request to AP1 by the public
key authentication procedure, transmits the authentication frame 61 to AP1 (step S61).
The frame body section of the authentication frame 61 has the format shown in (1)
authentication frame 61 of Fig. 7, with Algorithm Number 70-1-1 set to "n" and
Transaction Sequence Number 70-1-2 set to "1". In authentication by the public key
authentication procedure, Algorithm Number 70-1-1 to 70-4-1 is always "n" (n is an
arbitrary number that is not "0" or "1"). Setting Algorithm Number 70-1-1 to 70-4-1 to
"n" makes it possible to distinguish this procedure from the authentication procedure
of the Shared Key method.
[0063] AP1, having received the public key authentication request from STA2 at step
S61, transmits the user certificate which AP1 holds to STA2 using the authentication
frame 62 (step S62). The authentication frame 62 has the format shown in (2)
authentication frame 62 of Fig. 7: Algorithm Number 70-2-1 is "n" as described above,
Transaction Sequence Number 70-2-2 is "2", and the user certificate which AP1 holds
(with the public key of AP1 that accompanies the user certificate attached) is inserted
in the AP user certificate 70-2-3.

[0064] STA2, having received the authentication frame 62 from AP1 at step S62,
verifies the contents of the user certificate of AP1, and if it confirms that the
verification result has no problem, encrypts the user certificate which STA2 holds
using the public key attached to the user certificate of AP1 (step S63). The encrypted
user certificate of STA2, together with the public key of STA2 that accompanies the
user certificate of STA2, is then transmitted to AP1 using the authentication frame 63
(step S64). The authentication frame 63 has the format shown in (3) authentication
frame 63 of Fig. 7: Algorithm Number 70-3-1 is "n" as described above, Transaction
Sequence Number 70-3-2 is "3", and the STA user certificate 70-3-3 encrypted with the
public key of the AP is added.

[0065] AP1, having received the authentication frame 63 at step S64, decrypts the STA
user certificate 70-3-3, which was encrypted with the public key of the AP, with the
private key of AP1 and verifies the contents of the user certificate of STA2. If it
confirms that the verification result has no problem, AP1 then generates a common key
and encrypts the generated common key using the public key attached to the user
certificate of STA2 (step S65). The encrypted common key is transmitted to STA2 using
the authentication frame 64, and authentication authorization is notified (step S66).
The authentication frame 64 has the format shown in (4) authentication frame 64 of
Fig. 7: Algorithm Number 70-4-1 is "n" as described above, Transaction Sequence Number
70-4-2 is "4", and the common key 70-4-3 encrypted with the public key of the STA is
added. Status Code 70-1-9, Status Code 70-2-9, Status Code 70-3-9, and Status Code
70-4-9 shown in Fig. 7 are information fields for notifying the communication partner
of results such as whether frame reception succeeded.

[0066] Then STA2, having received the authentication frame 64 from AP1 at step S66,
decrypts the common key 70-4-3 encrypted with the public key of the STA using the
private key of STA2, recovers the common key which AP1 generated, and uses this common
key for frame encryption in the wireless communication actually performed after this
(step S67). With the above operation the public key authentication procedure ends, and
frame-encrypted communication is performed between STA2 and AP1 from then on.
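
An added example, not part of the patent: building and checking the authentication frames described in [0046] to [0049] and [0062], with the FCS verified before the frame body is classified by Algorithm Number. The field order and little-endian encoding follow the standard IEEE 802.11 authentication frame body, which is assumed here because Fig. 7 is not reproduced; the values chosen for "n" and "m" are constructed.

```python
import struct
import zlib

# 0 and 1 are the standard Open System and Shared Key numbers. The values used
# for "n" and "m" are constructed for this example; the patent fixes no value.
ALG_OPEN_SYSTEM = 0
ALG_SHARED_KEY = 1
ALG_PUBLIC_KEY = 0x8000          # "n" (constructed)
ALG_PUBLIC_KEY_REAUTH = 0x8001   # "m" (constructed)

PROCEDURE = {
    ALG_OPEN_SYSTEM: "open system",
    ALG_SHARED_KEY: "shared key",
    ALG_PUBLIC_KEY: "public key authentication",
    ALG_PUBLIC_KEY_REAUTH: "public key re-authentication",
}
# Highest Transaction Sequence Number each public key procedure uses
# (frames 61 to 64 and frames 81 to 82).
LAST_SEQUENCE = {ALG_PUBLIC_KEY: 4, ALG_PUBLIC_KEY_REAUTH: 2}

FC_AUTHENTICATION = 0x00B0             # management frame, subtype authentication
HEADER = struct.Struct("<HH6s6s6sH")   # Frame Control, Duration, DA, SA, BSSID, Sequence Control
BODY = struct.Struct("<HHH")           # Algorithm Number, Transaction Sequence Number, Status Code


def build_auth_frame(da, sa, bssid, algorithm, sequence, status=0, payload=b""):
    """Encapsulate an authentication frame body and append the CRC32 as FCS."""
    header = HEADER.pack(FC_AUTHENTICATION, 0, da, sa, bssid, 0)
    body = BODY.pack(algorithm, sequence, status) + payload
    fcs = struct.pack("<I", zlib.crc32(header + body))
    return header + body + fcs


def parse_auth_frame(frame):
    """Verify the FCS first, then classify the frame by Algorithm Number."""
    if len(frame) < HEADER.size + BODY.size + 4:
        raise ValueError("truncated frame")
    covered = frame[:-4]
    (fcs,) = struct.unpack("<I", frame[-4:])
    if zlib.crc32(covered) != fcs:
        raise ValueError("FCS mismatch")
    frame_control, _, da, sa, bssid, _ = HEADER.unpack_from(covered)
    if frame_control & 0x00FC != FC_AUTHENTICATION:
        raise ValueError("not an authentication frame")
    algorithm, sequence, status = BODY.unpack_from(covered, HEADER.size)
    procedure = PROCEDURE.get(algorithm, "unknown")
    last = LAST_SEQUENCE.get(algorithm)
    if last is not None and not 1 <= sequence <= last:
        raise ValueError(f"sequence {sequence} outside 1..{last} for {procedure}")
    return {
        "procedure": procedure,
        "algorithm": algorithm,
        "sequence": sequence,
        "status": status,
        "da": da,
        "sa": sa,
        "bssid": bssid,
        # Certificate or encrypted key; treated as opaque bytes here.
        "payload": covered[HEADER.size + BODY.size:],
    }


if __name__ == "__main__":
    ap = bytes.fromhex("02aabbccdd01")    # constructed addresses
    sta = bytes.fromhex("02aabbccdd02")
    frame62 = build_auth_frame(sta, ap, ap, ALG_PUBLIC_KEY, 2, payload=b"AP-CERT")
    print(parse_auth_frame(frame62))
```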

[0067] Next, the public key re-authentication procedure used when re-authentication
is performed is explained with reference to Fig. 8 and Fig. 9.

[0068] Fig. 8 is a diagram showing the public key re-authentication procedure, and
Fig. 9 is a diagram showing the frame body section (FrameBody 30-3 of Fig. 3) of the
MAC frames transmitted and received in the public key re-authentication procedure.

[0069] In Fig. 8, STA2, which has completed public key authentication in the past
with the AP1 to which it requests authentication, transmits the authentication frame 81
to AP1 as a public key re-authentication request (step S81). The frame body section of
the authentication frame 81 has the format shown in (1) authentication frame 81 of
Fig. 9, with Algorithm Number 90-1-1 set to "m" and Transaction Sequence Number 90-1-2
set to "1". In authentication by the public key re-authentication procedure, Algorithm
Number 90-1-1 to 90-2-1 is always "m" (m is an arbitrary number that is not "0", "1",
or "n"). Setting Algorithm Number 90-1-1 to 90-2-1 to "m" makes it possible to
distinguish this procedure from the public key authentication procedure shown in
Fig. 6.

[0070] AP1, having received the public key re-authentication request from STA2 at
step S81, searches whether the MAC address of the STA2 that transmitted the public key
re-authentication request exists in STA MAC Address 40-1 of the public key management
table 40 shown in Fig. 4 which AP1 holds (step S82). When the search succeeds and it is
confirmed that the corresponding public key is held in the Public Key 40-2 column, AP1
newly generates a common key for that STA2 and encrypts this new common key using the
public key (the public key of that STA2) obtained from Public Key 40-2 of the public
key management table 40 (step S83). The encrypted new common key is transmitted to
STA2 using the authentication frame 82 (step S84). The authentication frame 82 has the
format shown in (2) authentication frame 82 of Fig. 9: Algorithm Number 90-2-1 is "m"
as described above, Transaction Sequence Number 90-2-2 is "2", and the new common key
90-2-3 encrypted with the public key of the STA is added. Status Code 90-1-9 and Status
Code 90-2-9 shown in Fig. 9 are information fields for notifying the communication
partner of results such as whether frame reception succeeded.
[0071] Then STA2, having received the authentication frame 82 from AP1 at step S84,
decrypts the new common key 90-2-3 encrypted with the public key of the STA using the
private key which STA2 holds, recovers the new common key which AP1 newly generated,
and uses this new common key for frame encryption in the wireless communication
actually performed after this (step S85). With the above operation the public key
re-authentication procedure ends, and frame-encrypted communication is performed
between STA2 and AP1 from then on.
[0072] The first embodiment of this invention has been explained in detail above. In
the first embodiment, both AP1 and STA2 hold their own private key, the public key
corresponding to it, and a user certificate to which the public key is attached, on the
condition that the relation between a public key and its owner and the legitimacy of
the owner itself can be proved by a third party typified by a certificate authority.
Although the exchange of public keys shown in Fig. 6 takes place between the time STA2
makes a public key authentication request to AP1 and the time it obtains authentication
authorization from AP1, according to this invention AP1 and STA2 continue to hold,
even after the authentication is released, the public key information of partners with
which authentication has been completed, and use the public key re-authentication
procedure shown in Fig. 8 for the second and subsequent authentication requests. This
has the effect of simplifying the authentication procedure, because the public key
exchange between AP1 and STA2 that was performed in the first-time authentication
procedure is skipped.
[0073] Moreover, because a user certificate is used in the first-time public key
authentication procedure shown in Fig. 6, AP1 holds the public key information of STA2
after authentication authorization only after having checked the public key of STA2
and the legitimacy of STA2 as its owner. When a re-authentication request by
impersonation using the MAC address of that STA2 occurs, AP1, performing the public
key re-authentication procedure shown in Fig. 8, encrypts the common key transmitted to
STA2 with the public key corresponding to the private key which only the legitimate
STA2 holds. The impersonating STA that originated the re-authentication request
therefore cannot decrypt it and cannot obtain the common key, so this invention has the
effect of making it possible to prevent ********** by an unauthorized STA.
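
An added example, not code from the patent: the AP-side re-authentication steps S82 to S85 combined with the table handling of [0052] and [0054], showing that a sender reusing a registered MAC address without the matching private key does not obtain the common key, and that an entry pushed out of a full table can no longer re-authenticate. Textbook RSA over fixed Mersenne primes stands in for the unspecified public key cipher, and the value for "m", the refusal status, and the MAC addresses are assumptions.

```python
import secrets
from collections import OrderedDict

ALG_REAUTH = 0x8001               # "m": constructed value, the page fixes no number
STATUS_OK, STATUS_REFUSED = 0, 1  # refusal is an assumption; the page shows success only


def make_keypair(p, q, e=65537):
    """Textbook RSA from two known primes: a stand-in cipher, not a secure one."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))


def rsa(key, value):
    modulus, exponent = key
    return pow(value, exponent, modulus)


class PublicKeyTable:
    """Table 40 on the AP: STA MAC -> (public key, common key), newest row first."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.rows = OrderedDict()

    def register(self, mac, public_key, common_key):
        if mac not in self.rows and len(self.rows) >= self.capacity:
            self.rows.popitem(last=True)        # table full: delete the lowest row
        self.rows[mac] = (public_key, common_key)
        self.rows.move_to_end(mac, last=False)  # updated entry moves to the head

    def touch(self, mac):
        """Each frame-encrypted exchange moves that partner to the head."""
        self.rows.move_to_end(mac, last=False)

    def order(self):
        return list(self.rows)


class AccessPoint:
    def __init__(self, capacity):
        self.table = PublicKeyTable(capacity)

    def handle_reauth(self, source_mac, frame81):
        """Steps S82 to S84: look up the sender, issue a fresh common key."""
        reply = {"algorithm": ALG_REAUTH, "sequence": 2}
        row = self.table.rows.get(source_mac)
        if frame81 != {"algorithm": ALG_REAUTH, "sequence": 1} or row is None:
            return {**reply, "status": STATUS_REFUSED}
        public_key = row[0]
        new_key = secrets.randbits(128)
        self.table.register(source_mac, public_key, new_key)
        encrypted = rsa(public_key, new_key)    # only the key owner can undo this
        return {**reply, "status": STATUS_OK, "encrypted_key": encrypted}


def recover_common_key(private_key, frame82):
    """Step S85 on the STA: decrypt the new common key with the private key."""
    return rsa(private_key, frame82["encrypted_key"])


def demo():
    # Constructed MAC addresses and toy keys built from Mersenne primes.
    mac_a, mac_b, mac_c = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
    pub_a, priv_a = make_keypair(2**89 - 1, 2**61 - 1)
    pub_b, _ = make_keypair(2**107 - 1, 2**61 - 1)
    pub_c, _ = make_keypair(2**107 - 1, 2**89 - 1)
    _, priv_other = make_keypair(2**127 - 1, 2**107 - 1)
    request = {"algorithm": ALG_REAUTH, "sequence": 1}

    ap = AccessPoint(capacity=2)
    # State left behind by two completed first-time authentications.
    ap.table.register(mac_a, pub_a, secrets.randbits(128))
    ap.table.register(mac_b, pub_b, secrets.randbits(128))

    result = {}
    frame82 = ap.handle_reauth(mac_a, request)
    stored = ap.table.rows[mac_a][1]
    result["legitimate_sta_gets_key"] = recover_common_key(priv_a, frame82) == stored
    result["order_after_reauth"] = ap.table.order()

    # Same source MAC, but the sender does not hold STA A's private key.
    spoofed = ap.handle_reauth(mac_a, request)
    stored = ap.table.rows[mac_a][1]
    result["spoofer_gets_key"] = recover_common_key(priv_other, spoofed) == stored

    ap.table.touch(mac_b)                                   # B exchanges encrypted frames
    ap.table.register(mac_c, pub_c, secrets.randbits(128))  # table full: A is dropped
    result["order_after_eviction"] = ap.table.order()
    result["evicted_sta_status"] = ap.handle_reauth(mac_a, request)["status"]
    return result


if __name__ == "__main__":
    print(demo())
```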
[0074] Next, the second embodiment of this invention is explained.
[0075] The second embodiment is a wireless LAN system on a combined network in which
two or more BSSs (basic service sets) formed by two or more APs (base stations) exist
and the BSSs are connected by cable or wirelessly, configured so that the public key
management information (specifically, the public key management table 40 shown in
Fig. 4) about the STAs (mobile terminal stations) belonging to each AP is shared
information within the combined network. The configuration for sharing the information
within the combined network is one in which a higher-level AP that supervises two or
more APs is arranged, the higher-level AP holds the public key management information
collectively, and each AP registers with or queries the higher-level AP when necessary
and obtains a reply from it. With such a configuration, even when an STA belonging to
an arbitrary AP performs public key authentication for the first time with another AP
after moving between BSSs, the authentication procedure is simplified by carrying out
the public key re-authentication procedure of this invention.
[0076] Next, the third embodiment of this invention is explained.
[0077] The third embodiment is a configuration that applies the first embodiment of
this invention to a wireless LAN system of the Independent method defined by
IEEE802.11. In the Independent method, only two or more STAs exist in the IBSS
(Independent BSS), and no AP exists. In public key authentication between STAs in the
IBSS, the STA that receives a public key authentication request based on the first
embodiment of this invention is configured to continue holding the public key
management information (specifically, the public key management table 40 shown in
Fig. 4) of the STA that originated the authentication request. Such a configuration has
the effect of simplifying the second and subsequent public key re-authentication
procedures.
[0078] In addition, in the first, second, and third embodiments of this invention,
continued use of an expired user certificate can be prevented by giving the public key
management information a retention period, that is, by introducing expiration date
information based on the user certificate into the public key management information
about the authentication-requesting STA that is held by the AP in the BSS, or the STA
in the IBSS, which performs authentication authorization.

[0079] 

[Effect of the Invention] As explained above, the authentication method and
authentication apparatus in a wireless LAN system of this invention make it possible to
carry out, at the same time, the authentication procedure and the delivery of an
encryption key whose secrecy is kept only between the parties performing wireless
communication, and have the effect of simplifying the second and subsequent
authentication procedures to the same AP (base station) after release of authentication
for an STA (mobile terminal station) that has completed first-time authentication.



DESCRIPTION OF DRAWINGS 



[Brief Description of the Drawings] 

[Fig. 1] A block diagram showing one embodiment of the authentication apparatus in
the wireless LAN system of this invention.
[Fig. 2] A detailed block diagram showing an example of the AP and the STA.
[Fig. 3] A diagram explaining the configuration of the MAC frame transmitted and
received in an authentication request between the AP and the STA.
[Fig. 4] A diagram explaining the public key management table which the AP holds.
[Fig. 5] A diagram explaining the AP information management table which the STA
holds.
[Fig. 6] A diagram showing the public key authentication procedure.
[Fig. 7] A diagram showing the frame body section of the MAC frames transmitted and
received in the public key authentication procedure.
[Fig. 8] A diagram showing the public key re-authentication procedure.
[Fig. 9] A diagram showing the frame body section of the MAC frames transmitted and
received in the public key re-authentication procedure.
[Fig. 10] A diagram showing the authentication procedure in the Shared Key method.
[Fig. 11] A diagram showing the frame body section of the frame format transmitted
and received in the authentication procedure of the Shared Key method.
[Description of Reference Numerals]
2 STA
4 BSS
5 Ethernet
12 Radio Section
13 IEEE802.11 PHY Protocol Processing Section
14 IEEE802.11 MAC Protocol Processing Section
15 Upper Layer Processing Section
16 Memory
17 Upper Layer Interface
18 Base Station Terminal Body
19 Wireless LAN Card
20 Mobile Terminal Body
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»BE®R«rf? 3 IS HSSfl S ti S M A C 7 ^ rt © 
7U— A^-rVSPOAIgorithm NumberOfi&'te, roj X 

» r i j r n j r*fes. c^tftsa^r 

4 tcEttOfttt LAN v'X^AlCfettSBETSr 

So 

C»*3H 6 3 WE A P tt^MjiBa^-^l/J&ffiWf 
/0 U iuEi v iaflf- 7;VttWEA PA^a^fcEEW 
or^riiSPLfcHSfSOWSWES TAOMAC7HUX 

I£S T A OWES T A'AWmt. MEAPtfKST 
AOBEWRl^c^fiKLfBfTLfcttiiBai:*. ^StBE 
ft bJJIHIC ffi^F*r 3 , C^^Sj^t^ If ^ 5 tc EttO 
MM L A N > x f - A tc if & BE^iS „ 

7 ] WE STA ft<WE A P *c» LTWE4HB 

oTM^ti, WEiMMMHBE#NH», WESTAfr 
^WEAPtc^bTBEIE^^fT^XT'^7 P i:, WE 

20 BBEfi**»«LfcWEAP*t, WE£t0flttf?BEfi 
**aS<iLfcWES TAOMAC7 KUXtfWEA PO 

£ WE^Mtt Blf- r 71/ tc #ft"T £ fr 
U ttiRLfctt*, WESTAOMACTKUXtfWE 
»M«raT--7/MC#fiEU fro. KMAC7KL/X 
(cSJSt§^ri8T*»S i: c 5 cO WE S T A4>|JH«*W 
E4J Bflatif- W fc: ««r L T v ^ « c 1: *«B L fc 
«*&tc{4. WEAPtt, 3iS T AtC*tLTj§5rr£»T 
fcft«a«-t?fe*»fttjB«*flfe*L, K*TKaM«rWE 
S T A4>H»T?Wf9ftLTtt^fb«*iaBB**J«L, §^ 

50 BS#ft«ffta»«rME STA tci^fi LTBEs^ oj^iia 
t§XT7^^^«S?ti, WEW^ft»r«Ji«*« 
ft L/c WES T WEB|#ft»r«ii«*WES T A 

«HWt-e«^tLrwEff«a««iiftL, «bo7U 
-r § m&m 6 tc eko^ss l a n x t- a tc 43 s be 

8 ] WES T AfrWEA PtcWbTWE^ra 
«SBES**fif3IR»ca8afflStiSMA 
O^U— AjPtV ^Algorithm Number^fiti, To J 

40 t ri j h r n j ■e4^ffio» r m j t*«s, 

t *T ^> 7 tc fBI^M L A N > x x A fcnt 

9 ] Mm LAN S/X-r AtCfefrtSEEKHtC 
*31>T, ^ttfflftifTfe'Sfc-rSAP (SflfiH) OMA 
C 7 K l/X^SIUDfi^tS A PlS«iIf-7/l/rttc 
#ft-r£frSfr*«fcif?U WEMA C7 KUXffMEA 

pmnwmf— y^mc^tEL^m^ic^ wea p 

JcJ*LT4^IBiaBEB**fTt\ WEM AC7F UXfr 

wea pflWB«a^-^urtfc»aEr*»$*c«j:, we 

50 A Pfc»LT^M»SBEH#*fTd STA 
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a) mest Afrz<Dmfc / j>mmm$m&&zMz 

©BHSfTSTOEAPfc, *«5t*cfc*W«i:-r*jR 
SL AN S'X-r AlcfcttSBffiE&Eo 

bs#ei o] wi5APfli«Bfa^-^w4, mes 

N 5/ X -r A IC «5 1* § ElE^So 

u>££i i] SuiaAPti, ie>ogisiT$>i»AP 

■^fSE WP** £ C50AP a— !fSHU» ^ U 
tWESTAtt, ifttOffiffiaTfeS S T Affi&mt, hu 

ms j Awmmicttjz^%temm?2bz> t c zco s t a 

1 EtcGttOffitttL AN^X^AKfeW-SESESSBo 
CISaRSI 2] BoJ2S T AtftuEA P l£*f LTsuEii 
BB«BSEB**fT 5 if^tc « , mSE STA*^ huE A P 
(c W LTBEB**fT^\ fflEBKfi#*»B Life ME 
A PALMES T A(-c^f LTtufB A P a— 1flIW»*3Si 
it, WEAPa— ifBEM»*SfllLfcWIBSTA*^ 
ME A Prr— FttflB»*«lILfc1*fc:MEA P^-lflE 
MWcasf^snfcWIEA P4>B8««:flH/>TiMES T Aa 
— *fSEW»*W#ftLTW^k S T Ai— 1fBEIH»*fts 
/£U MflEHWffcS T Aa— ifEW»*HaiBAPJci*L 
Tj£{g U MEBg^ffc S T A rL— if SEW»*SfS L/atu 
EAP#. MfBBg^ftST Aa— tfKW»*lttlBAP*B 
ffiaTMS^ffctTMES T A^-lfSEfES^PS^U tu 
IBS T A3.-iflEW»**|ELfc«k:«MES T Aa-f 
HBWfcSttSnfcMES T A4>|««*fflu^TlMBA P 

MEB^ftftilgt^rME S T A tci^fl LTESE^np&ii 
&JU t5iBHS^tWii«*S«L^HulBS T AA^, ME 
Bg**{fcttffia*ME S T A IBffiat*«^ft t T MEftiii 

N *>X-r AfcfctfSBIEgfio 

1 3 ] ME S T A ME A P (c*t LTME4> 

MBBa»**ff 5i«teaHWi*n*MA c^iz-Art 

^:7U-A#x^gflOAIgorithm NumberOflte, To J 

xfi r i j tft^etos r n j t*&3, 

•r^I§*^l 2tC|BSEO^L AN^X-rAlCfctt^E 

mmum 14] me a p ttttBumra-f-- ^metam* 

U WlB^IW««aT— 7;l/ttWIBA PA^iSStCBIIW 
pI^ii^PL/cHJI^W^SuIBS T A OM AC7F UX 
KSTAOttESTA&Hiai:. ItiEAPtfKST 
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Acommttmc^f£LWrtLrcPkmmt*, m^mm 

(Dm&LA N *>X-r AJCfittSBSESKHo 
[SS^S l 5 ] ME S T A tffiuE A P tc fcf L T fiuE^ 
BB«SBBEfi**f¥3*i^ictt, MES TA^biffiA 
P*c»UTWBBHI**m\ mEHBB»«««AL 
ftMBA P tf, B9E4JIW«IIEIiES*«raSll UfcWfE S 
T AOM ACT FUX^ilEA PO)fiH«r«lKrE&HB 

70 EST AOM A C7 KUXA^BuE^BB«BIlf—r;HC 
*?£U fro. KMA C7 Kl/Xlc»l£t5i>|IBaTS 
3 c SOME S T A»BH«*ME4iBIIWia'r— 
rtk:«»LTV>*Cfc*BIBLfc»*k:U:. ME A P 

a«ESTA«c»LT»e-r*«ffcatt3i«T**»f 

«iia«r£/S;U Kfr^lt^MIEST AttlHBTWf 
ESTAJcasmLTBSEff^ilttU TOEB#ft*f« 

jH*afLftMESTA^ mammtmnmm^m 

ESTAtt««T11WtLTimBR^«*l}ftL, fit 
20 B07U-ABg#ftiifijc:R3tff«a»«:ffiffl-rs, ci: 
*W«fc-r*»*«l 4(cEt©f»»LANS/XfAlC 

[W^JS 16] ME S T A #ME A P icfj L TTOE4i 

MasESES**^ 5 istc jMsms mac7 a 

U— A ^Algorithm Number<D{fite, 

roj £ r i j t r n j TftvH3E«o» r m j Tfc*. 

Alc&ltSBSEttBo 
30 [00 0 1] 

[iioit^si^ffl ^xnaftUi lan ^xt- a 

{tLTM«iilfT£MI?L ANv-Xr-AtC^^T, ^ 
S*#HIT*<0*a5Htt«r«fiFUfeHg#ffl(oa 

A*c*jtj-SBSESrffikBII«EBtcB8 , r*o 
[0 0 0 2] 

[tJeSSOfttB] ilLAN (Local Area Network : 5 

[0 0 0 3] AN->X-rAtC*5*tSBg#{t^^c 
Ol/>Tti, cn$T IEEE (Institute of Electrica 
I and Electronics Engineers : 

#ts^) 8 o 2mm£**&£ i,TiMmt<D&M&m*b 

6 tit * T * t> > O^^ttti Tfe 5 I EEE802. 11 ^31 > 
T(i, JK«L A Nt*»«^*KHOHB#ftacfBBE© 
^xtOlO^LT. Shared Key (P&M) BH^ra*« 

50 [0 0 0 4] Shared KeyTSrS^fel^Tti, El 1 tc^-Tcfc 
SftMWLL AN<Dmt&JmtLT<DA P (Access Point :
1 i:tWft«l5tyBi:LTflDSTA (St 
ation :xf-y3» 2 3l{ffS#S(c]5V(;:{£ 

^ftJiS*fir 5IR*c«4 4aa<D«il»<0*Ol ocottii 
ffc/B 0«OiH2l^ ffi tc flfJLT(4, I EEE802. 1 1 ic (4^g $ 

[0 0 0 5] Shared Key7i^tc^nt^|gfE^Jl|Ifco^ 
T, BlOfitfHl l*#BBLTRWr«o 

[0 0 0 6] 01 0(4. Shared Key^K&ttSigSEif. 
W** , rBITftO, 01 H4> Shared Key#S<DBEE^ 

[0 0 0 7] 01 Otc&^T, AP 1 (cttLTShared K 

ey^afccfc^BHB^SrfrS S TA2(4, APHcftb 
TBKTU-Al fcigffra (Xf77S 1) o BSE? 

Aio^u-Atf-r-rBWi. hi I© (i) mm? 

1 (c^-Tfl^^&oT&D, Algorithm Number 
(7;I/d'JXL#f) 1 1-1-1* r l j fc L, Tran 
saction Sequence Number ( h ^ */ 3 ^ > 
Xf§) l 1-1-2* r i j a/c7WAi:^ot 
<^« 0 &*5, Shared Key^S(c*3frt5BBE«Ftc«, Algo 
rithm Number 1 1-1-1 — 1 1-4-1 (43ftc f i j 

[0 0 0 8] Xf^^S 1 fSTA2^6BEfi**S 
(IL/cAP 1(4, ^iE"7b-A 2 *fflt>T Challenge Te 
xt ^d^V^A&tf *y h^J* 

S T A 2£fcFLT2HTr5 (XT77S2) c 
-A 2 (4, Ell 14> (2) BSE7U-A2 Jc^T BAt 
&oT*5D, Algorithm Number 1 1 - 2 - HimuSOii 
D r i j *^S>|9> Transaction Sequence Number 1 1 — 
2-2(4 r 2 J T\ Challenge Text element (^-^U> 
mxhxMyh) l 1 -2-4 (c Challenge Text 

[0 0 0 9] 2T-AP1 fr6BK7U- A 2 

^{fb/cS T A 2(4, AP 1 *>6Sfi b/c Challenge 
Text£, ^Challenge Text(c*hf £CRC32(Cycl ic Redun 
dancy Code 32bits)WffiJ8Slc*BS-r£ ICV (Integrit 
y Check Value :^yf?iJf^i7WJH (C 

3) o ^LT, Bi^ftL/t Challenge Text £ ICV *\ {£ 
fflb/cttiiBS!oattS?BT*feSIV (Initialization Vecto 
r : -r-^-v^-r-trV^a > • £#(c, BSE 

7l/-A3^TAP HCfcfLT&frr* (Xf7^ 
S 4) o ^l!iE7b-A3(4s 0 1 1 (O (3) BSE7U- 
A3(C^*T^^^:oTfc>). Algorithm Number 1 1- 
3 - 1 I4jiuai<7)jit) r i j T*&D, Transaction Sequen 
ce Number 1 1 - 3 - 2 (4 r 3 J Z\ IV 1 1 - 3 - 3 ,
Challenge Text element (B^fftLfcChal lenge Text) 
1 1-3-4, ICV 1 l-3-5*f*ftlLfc7U-Ai: 

[0 0 10] Xf7^S 4 A3*Sflt/c 
AP 1 (4, Sfi 7 U- ArtS1f$8 (IV 1 1-3-3) ^ 

8B*«#ftL. ^{f 7 Aft ICV (ICV 1 1-3- 

s) fc*«B**6*aiLfcicv <o-afc. arattsft* 

/0 6»6n5¥ii7ryys 2 TiUfl L/cChal lenge Te 
xtfcO-SSc*»BLfc»^fcti (Xf77S5T-S4 
WELteE^) , BE7b- A4*S T A 2(C*tLT^ 
«LTBIBfe7*ffl»rt-* (Xf-y^Se) 0 BK7U 
-A 4 (4. 0 1 \<0 (4) E§aiE^U-A4(c^f f^S^ 
&oT&9, Algorithm Number 1 1 — 4 - 1 (4tuai<£>ii 
D r l j T$>D, Transaction Sequence Number 1 1 — 
4-2(4 r 4 J T, Status Code (Xr- ^Xzi— K) 
1 1 -4-9*tt*PLfc:7U-A£&oTl^o **3, 
0 1 1 (c^LfcStatus Code 1 1-1-9, Status Cod 

20 e 1 1-2-9, Status Code 1 1 - 3 - 9 RtfStatus 
Code 1 1-4-9(4, 7 U— A§fl/£«J<0 nJSfc if * 

[0 0 1 1] W±©«rfNcJ:?K Shared Key^K&t* 
*BH#««««FT L/, JM*. S T A 2 A P 1 JBTWii 

[0 0 12] Shared Key^FS»c*5tt*BEi:«E2IO^r 

ffi(c(4, «^4^ffi*^»ajg*nr*5?), 

3o flu#0— CT£ LT(4, 0 0 1 - 1 1 1 5 4 4 

*Mi*iE«0 mUL A N^X-rAJctsttSSBE^ffii: 
I^IISHJ ^*P^nr*5 0. CCD^$ST(4, Effiit— 

T, W^ftBK*fT5ft«««l3K*nTl/^*o « 
^cO-^iJh LT(4, - WBB¥ 11-19 17 6 1 ^^?8SB 
icco rfflHBaE^}£&t/^08Hj *<&I&nT*3?) , C 
^#BT(4, Diff ie-Hel lmanO«BB2ST;l/=fU XA^ffl 

^ l/^T^IW«(OiEatt«:»B'r*a*^iB«*nT^^o 
[0 0 13] 

# o BSE¥im^ff[SI4: t^i:^§tv^^tLT^ 

[0 0 14] Sfc, S2(Dffili:LT±asbfc«HEaSr;I/ 
=f 'J XA*fflt^BBE¥»c*5l^Ttt, ilff -5 
50 #IBTO»«Ktt«flH«L^aeati:BK«nimcfT9 
*Sffl©ffiaE#«BSIfT«plc t, «J@©SaE^4:ra-¥l«
Mt5Ci:i:fl:'3 > #S5<Dx- 2 affirm©*-; s-'n 

[0015] *«wt4±aLfc»i«*a#-r*fc«>jc!a: 

StlfctO-CfctK #5Eim<DBWtt, MiftiStt£fT3£ 

ap (s%s) fcwrs2iueJWK©^iaE#)iiH<DraBSfk 
m t mmm* mm.-? 5 c t ic $> 3 0 

[0 0 16] 

[RBJfeWtt-r * L A n ->x 

bsii73^c^v^t, sta <&wm*M) a. mmmm 

ZtfifSri h~?%> A P (SUS^) COM AC7K UXA^WE 20 

sta ©^-r s a p mmmmv—7ji'mctftE?zfr 

5fr%fcU?U WEMA C7 KUXtfWEA PtifSWOl 
f— ^H^lC^aEL^t^^-lCfi, WES T A&WEA 
P »c*f LT&IHMHBEEJjifcfT^ WE A P liWE&Hfl 
jBBBEH^^fi^-pfc-Sli^tttiJfHES T AOBIE*fT 
i/\ WEMA CT FUX*«MEA Pflf if!r-7;W 
Sti^-lcte, WES T AtiWEA PtcftLT^ 

MasBSEB**tTV\ we a pimm^mmmmmm 

[0 0 17] WE A PtiWBWr-TVUi, WE 

s t At)m&&!%mmmM*'<7^xm'£mm%2.&<»& 
7*n©*r« a p com a c t f-* ux%ssrtg!BS7fgii 

[0 0 18] ?e,tc, WEAPtt, i6<DKS^T-*5 
A P i: , WE A P »ffi»cttJS-r * aPflSiT?* § 
£C3<OA PttBHat, WE A Pi*BJft*f<tLfcBS© 
a— tfUW»T-fe« i: £ Z<D A Pa- tftlBHtti;*^ 
U WE S T A tt, U<b<omm®.-Z3bZ> STA *i<SBa 
k, WES T A85fE»fcJ*fS-r*l>5flaT'feSi:C5<0 40 
STA&MMfc. WES T AiilNMR*ttLfce 6©a- 
*fmmWT'& 5kC3<0STA a-+f iffB.8g i: L 
TVS, £t%&®Lt?Zo 

[00 19] $fc, WES TA^WEAPtcftLTWE 

oT«ijs?n, WEi>r?as!gS8i^wrui. westa*^ 

WE A P tc *fr L T ffilHK#*fr 3 X x -y 7 s t % WESSliE 
S*^r§fl L fc WE A P e. WE S T A icM LTWE A 
Pa- •fBEW«*3aSfl|-r*Xf--y7 r fc, iuEAPa-f 
EWttSfLfcWESTAtf, ffiffiAPa— «fE3H« 50 
fcttffi Lfc^tcWE A P a— +fSEWStc^# * tifcWE
A PlW^ffl^TflOISS T Aa— *fSEW»*«HtffcL 
T BS^t STA a— »f IEg|**fft£ U WEBg*f ft S T 

Aa— tfmwwzmmA ptcfctuTasre-rsx-rvy 

t . WEBg^ft STA a— «f IPfllfSrSfl LfcWE A P 
tf, WEBg^ft STA a— tf SEBflS^rWE A P 8ME«T- 
m^tLTWES T Aa— tfSEB^S?rf|^L, WEST 

koL-miwwzmiLrzmicmzs t a a— *rsEw» 

tCgstt^ftfcWES T A^S^fflV^TWEA PA^fiSc 
Ufc«ii«*BS^ftLTB6^{tttii«*^L, WEBg 

mt^mm^mms t AicmmLT&mm"i*mta-?z 

WE STA tf, WEBg^ft«iSit^rWE STA ttfEHT 

mmicrnxmrnzmm-?*. ct^itn. 

[0 0 2 0] £<=>lc, WESTAjtfWEAPKttLTW 
E^B8SjiSSIS5R«rfT-5 IStjgS^^nSM A C71/- 
AF*9C07U— A4-t7-VS[5cOAIgorithm Numbercoffiti;, 

roj x« r 1 j T4i^*os r n j r*$,s, ci^ 

[0 0 21] £fz. WE A Ptii^WgUr— TOUSrfS 
J#U SMeiWfif-7;HiiuieA Ptfa^KiSSE 
fFRl%iiaiL/-c^a<0#5WES T ACOMA CT FUX 
t, KS T AOWES T Atefflmt. WEAPA^ST 

[0 0 2 2] ^6tc. WES T A^WEA PfcWLTW 

lUfCtoT^^n, *JIBttra»HBffiE¥««:, WES 
T A 6 WE A P left L T MigliESjR^fT 3 X-r -y r 
t." WESBfiE^«r§<lUfcWEAPA^ WE^H38 
SBSEa^%j2l{iL/cWE S T AOM AC7H UXA"iW 

ea poffiWr-rswastoMasa-r— 7;i/rt»c#ft-r* 

A^^L, ftmLfdtSflky WES T ACOMA CT KUX 
*^ffittlWaBa-r-^Hc#ffiL. I^M ACT 

K UX»ci*jC-r*4JPBifP** k C 5 CO WE S T A'AW 

si^WE^uflawa^-r/i/rttc^LTv^ c k^ 

nSLfc^lCti, WEAPti, ^I^S T AtC*tLTJ§5£ 

««nes t A4*Ma-ei*^{fcUTB&*{t*f#ii»*£ja 

b, KBg^ki&r*tiia«rWES T AfciMMLTBIEfFnl 

^afij-rsx-r-y^k^swrtsti, WEB§^k©T«a 

a*S« LfcWE STA*\ WEBg^ft»r«aa*WE 
S T ASiffii-pa§fkLTS9fB«r*ia*Bt J-XP$ 

o^u-ABg^ftaetcsnffftaasfieffl-r*. ct^ 
¥fmt-?z„ 

[0 0 2 3] WES T A^WEAPtcWLTWE 

4jiw«sffi«EH**tT'5 RtasamsnsM a c 7 u- 

Artco^ U— A^-r-c SBcOAIgorithm NumbercOflfi, 

roj t rij i r n j r-^v>ffiicco3S r mJ r-fes. 
[0 0 2 4] 4c»noftMtL AN$/Xf AfcfcttSBE

T, «MB31«*fT*9fc-r*AP (SttS) ^OM ACT 

■T*^5^**JRL, MfBMACT Fl/X^ttEAPf 

LTl>BS«BffiES*«r?f i/\ SulBM AC7F UX^MfS 
A PW*8ga-r-7;l/rtlc^aE'rs«'&t*:«, MI3A P 
te»LT»ll!«IIBIEK**fT5 S T A (&Si«*/m) 
fc, MIBS T A*^60lWiB^HI«BliEH3R*av^iWI5 
4iBB«SBEfi**^a^^fc*»d»cttME STAOI 
ESrfrSMEAPfc* ^rfl^^c i:*:«f«*:t-3o 
[0 0 2 5] S/c, MIS A P*«Bif-r;Wi, MIS 
S T A^Sei2^BB(IBBER*€:fToTK4>m«EIE<0^ 
Tnm<omz APOMAC7H l>X*Jt#rlSIiE£E7i£*I 

irate ffiit-r & c 4: *«r«t-r*o 

[0 0 2 6] 2£tc, WIEAPtt, 
APMi:, «JISAP»«B»cJtJE5-rs^|IB«"e»* 
bCZVAPl&mmt. MEAP&HHBfcttLfca&O 
a.— ifEW»T*fc£ tc^OA P:x— "fEflWfcSflHS 
U huIB S T A tiu S6©affi«-e«*S T A*B«f» 

STA^mmt, lMIESTAttBl««f*Lfca603.- 
If EW» 5 k d 3 S T A ol— If SEW* k L 

[0 0 2 7] MIBS T A^MIBA Ptc*tLTf5fB 

&IW*BEH3R*ff 5 *-&tc t£. MIB S T A *p SME A 
Pfc»LTBE«#*ffif\ WieBBEB**«lbfcW 
IE A P^6h9I5S T A^JtbTSffEA Pi— FEW** 
mm U MlffA P i— -*f EW»*r§M LfcME S T A 
ffi. «IBAP3.-1flEW»*«gEUfc«JC«(JEAPaL- 
OTH»fcSto*tifcMEA P4M>«*ffl^T1WfflBS T 
Aa- »fKBB»*»WtLTW#{tS TAa-flif 
*m«U «»8BW#ftS T A3.-1fffiW«*H(JffiA Pic 
fcfLTiMffU SuIBBg^ftS TAa— »fK9W*»BL 
fcituffi A P *\ ftijIBBg^fb S T A 3.—' tf SEBB«*fflf35 A 
P»«B«T«#ffcLTflaiBS T Aa- «fEB«*B£ 
U huIBS T Aa^ 1fEW»**ELfcfl»cMES T A 
a-ifBEW«c»f*snft«MES T A4»M*ffl^T« 
ISA P*^bfc#tjM*«*ftLTW^t«iMi*ff 
*U mEWf#ft«a«*«lflBS TAtcaSfibTBBEIt 
npfcafclU tftERrabftatt*SA LfctfflESTA 
*\ ffifIBHS^<tttii««rHuJB S T A»«f«T«9ftUT 

[0 0 2 8] MIBSTA^HufBAPtcWbTBij 
EfiMftBEftJt*ff ^i^§i?nSMA C71/- 
A>Kt-V gJ5cOAIgori thm Number cOfBteu 

roj x« r i j v&^&mvm r n j 
[0 0 2 9] Sfc> «JEAPtt»Bfl«ffax-^l/*«
»U WfE4JHWI*a^— r;l/tt«0EA P9^3A£K:BE 
UpPlSSBJEDL/fclgao^rSMES TAOMA C7 FbX 
k, l£S T AOitutBS T Atefflmt, MIBAPffRST 
A^BffillFRl^^dcLafTLfcWiiai:*, SftBE 

[0 0 3 0] £6tc, fufBS T AtfMfB A PtcttLTfu 
Ei*WMI5BEH#«:fT "5 if^tc ME S T A 6 M 
70 EAPte#LTWBER#*fTl\ «JESBfiEfi**S 
ft LftMEA PrtV mjE^B8«SBHS**5iSfiLfcfiu 
IBS TAOMA C7 KUX^ftulfiA PO{S*$"rS«3E^ 

«, WES T AOM A C 7 Kl/Xtft}E4iH«f If - 
>OWC#?£U MMAC7Fl/X(cSjSt§i%1 
«"e**kc BOOTES T AaiW«*ME^IJfl«BSf 
- 7 f c LTi^ct «r SSS L fcif^ tc fi , Ml B 
A Pit. SRS T At#LT«6t4ift»«awa& 
*«#a«*£j»U K«ftta«*S9ESTAiMW«T 

*MES T Afc»«LTBEiira*a»lU MIBBg^fk 
*«aitSibftllESTA^ fflfEHS#ft«r«a« 

*mibs t AW£mvmm<tLTmmmnmm*n3i 
u w»o7u-Aus#fta«icK*f«a>i*ffiffl-r 

[0 0 3 1] MES T AtfiJEA PtcWLTMIB 

A ft CO 7 A f V S3 <D A I go r i t hm Numbe r <D ffl (i , 

roj k r i j k r n j rfc^ffiatoft rmj t*&£u 
50 ct*»ltt5. 

[0 0 3 2] 

THB*#Hl/TlBWr«. 
[0 0 3 3] HI 1 tt4c%KO^tk LAN ^>Xf A{C*3tt 

[00 3 4] HI JC^-r*gafiOJB«(4, mm. LAN^ 
Stifi/^kLT^AP (Access Point : T^-feXtfW 
h) li:, API tc»iS-rs»S64a*^i:bTOlS»(0 
STA (Station :Xf— >3» 2 (STA2-K 

40 STA2-k) fc^&«|fig$nTU^5 0 Bl^tWH 
<DBm$, IEEE802. 11T^*-T§ ^ C 50lnf rastructu 
re W>77Xh7^ft) 7?*T*fc5. C^J:^^ 
«LAN*y h^— ^Ol/hfffiJ&B S S (Basic Serv 
ice Set : S*:^— tfX • -try h) 4 ^l^o 
[0 0 3 5] B S S 4 WtCfeJt^ A P Hi, SSTA2 

A P 1 icmWT Zfc&CDmm*^ tsBeacon (fcT-n 
V) ^U-A^:, nffi09(CB S S 4rti:7n-H*tX 
hillfib, ^MBeacon^U-A^rSflb/cB S S 4 ftco 
§S T A 2 tt, IIHK«(CAP 1 tWLTBKB** 

50 fifv\ A P 1 tc ± OBEfffoI«rS» A P 1 *\(om 
m®M*TtT^Z> CtlZ£0. A P 1 £<Dmm*'nr) £
t.tfnjmt%:%>o £fc, Inf rastructure73itt£&tt£ B 
SS4WSSTA2li, S T A 2 BfliMWHCfc^T t> 
A P 1 *tf>Lfcai«*fT5o 

[0 0 3 6] S/c> g| 1 tc*5tt£A P 1 ti (portal) t 
&oT^£tf. Portal £14, IEEE802.1U^OL AN7 
a h^iltcoya Y^iim&mfeikk P l IcttiQLfcC 
i:^bT*50, giffi/g£LT<DA Pl^Ethern 
e t (SfSfSffi) W-**7h (SftiSaD ) 

lan fc©»as*piftB«c Lfti»a76« ct* w 

[0 0 3 7] fcfc, Blte5*Lfc*M®»l8«\ IEEE80 

jBWKMOW^ftatfBBEOTST^i: IT, Shared Key^ 

IHW*ffll^BK^ra*afflLTt^*o fM, Shared 
Key7?S 4: ES'J^T £ ft *6 tc, *HflS flgjg tc 43 & EE;£ 

[0 0 3 8] ^tc, H2*#KaLT, APUSTA2 

[0 0 3 9] H2tt, APfcSTAO-«*^tBi7 

[0 0 4 0] H2tC*5l^T, Jj07U7>BtfA P l 
T*S9, TS07P7WSTA2T'SSo 
[ 0 0 4 l ] A P l «\ HI 2 tC^*TMII LAN*-K1 

^±f5^t^>^-7x-X 17-1 ^IT, TC 
P/I P (Transport Control Protocol /Internet Prot 
ocol) ^S17^';^- ->3 ViQ:ifCD±{i7 p n F3;Wa 

TA214, 0"2tC^-T^*SL AN*— K 1 9-2£±ffi 

^>^»7x-X17-2^lt, APl£[p)^3:± 
fiT'u hn;l/jafi^r, y— FS!/<— y-*vlo:/tf £ 

[0 0 4 2] H2lC3^rjB*SL AN*- K l 9- l fcJIft 
»LAN*-Kl9-2tt, W-0«l*«r«**o ffio 

t><Dt?Z> 0 40 
[0 0 4 3] H 2 iC^TMM LAN # — Kl 9 (19- 
1 RZf 1 9 - 2 ) tt, JW»KWt*<07 U-A&gflSrfT 
■5^«8«8P1 2 4:. ^ffliHJaiI«rfT3IEEE802.11 PHY 
(Physical Layer : Willi) :/p F 3;b#tfiffl5 l 3 
MAC (Medium Access Control : m*T *-feXSMl») 
iST*O7^-bXW»«rfi 1 ^IEEE802.n MAC^n h^/W 

a*, fiat^c pu^^ty 1 6(a^mt§± 
ttu-f -Hasan ±i£u^safian s^ffl-r 
[0 0 4 4] *(C, 0 3S:#iLT, STA2#AP1
t»LTKBE*B*-rSBlc, S T A 2 t A P 1 

[0 0 4 5] H 3 tt, SSEB$B$fC AP^STA IIUTig 
5« M A C 7 l/-AOiJ*4JBfflt5HTS5o 

[0 0 4 6] S TA 2(OA P 1 {cWr«l2liEB*«F*c 
14, HI 3 ic^f I EEE802. 11<DM AC7 L/-A7*-77 
Mc^oMAC7U-A30-l^ APlhSTA2 
IHTSJftSn. MAC7l/-A30-Hi, MAC Header 

(M AC^7 & — ) 3 0-2£, FrameBody C7b— A 
>Kt-V) 3 0-3 £FCS (Frame Check Sequence : 7U 

[0 0 4 7] fit, Infrastructure^tcfctt^MAC 
Header 3 0-2(4. *17 1/-A*^^»1WI«%/T 
T Frame Control (71/-A3>Fn-;l/) 3 0—11 

^T^^^OB^P^^g-r^Duration Or^U-v-a 
>0 3 0- 1 2C07^-;l/Kt, 71/- A&flflcTFU 
X^r^-TDA (Destination Address : 2S«jteT KUX) 
3 0- 1 3<D7J— /l/Kh, 7U-A^iXf^7KUX 
^tj^SA (Source Address : ^ffTtT Fl^X) 3 0—1 
4<Dy>(-;]sb*h, B S S 4<OM8iJt»»^R-rBSSID 3 
0-15 (Dy j — ;b F t . y U— AiMff JH^-rSequen 
ce Control (^yxny hn-;W 3 0—1607 

[0 0 4 8] 7U-^fIBt, IS2tC*VriEEE802. 11 M 
AC^n F n;bjailg(5 1 4 Ti4, ±ffiU>f irfflSW 1 5 
60iMfi®*7U— A?:. H 3 tc^*TFrameBody 3 0- 
3UlAftT*:/-fe;WfcU ^fiS^tf^^S^L/cMA 
C Header 3 0-2 ^FrameBody 3 0 - 3 (OmcttbU U 
^SMAC Header 3 0-2 t FrameBody 30-3 tcft-T^ 
CRC32 (Cyclic Redundancy Code 32bits) »WSS«r. 
FCS 3 0- 4 £ LTFrameBody 3 0 - 3 (D&Zlctttm? 
ZCtlLXO, 12 3 fcSVTJ: -3fclEEE802.il MAC/p F 
^;Kcffi 9 M A C 7 3 0 - 1 ^M(t^ o Sc 

i^T[3 2(C7jrriEEE802. 11 PHYT'd F 1 3 T* 
(4, S1MAC7U-A3 0- I Idti* &mfttDM&fr 

i\ mmmffii 2^stiiMAC7u-i,3 o- 1 « 

[0 0 4 9] A§{fB#, ^2tC^riEEE802. 11 M 

AC/n F3/W03»l 4T*fi, «*§M5£g{$ 1 2^MTIEEE 
802.11 PHY^D h^WfflJISin 3tCTmiifflJi^tfofc 
LT8II LftM A C 7 U-A 3 0- 1 {C^LTCR 
C32 OttW*frV\ Sfl7U-Art^FCS 3 0-4OfB 
£CRC32 »mig»i:*<-a'r*lS^*ctt, MAC Header 3 
0-2 Ort^O«*r^§{l7 ffla*fT 
V\ FrameBody 3 0 - 3 <Dffl5#* ±{aU^-VJttag|5 1 5 

[0050] m4Rtf^5*#psLT, *nm& 
[0 0 5 1] 84tt, AP^t§l«fi7-y
;l/*RWt8HT ; S0, H5li, STAtffififnAP 

[0 0 5 2] APlit B4£i^-i>ISMBSx-7/l/ 
4 0^ 0 2 iCTjk^M^ L ANA-H 1 9 - 1 ©^'j 
16filCfi»LT^So ^M»fiT-7;M0tt, A 
P 1 ^aSic^WO^MaBEtcfcl^TBSEffWSfT 
ofcUfflOW^ S T A 2 0MAC1«I7 Hl/XTS 
£ i: c AC7K UX*r«lf-rSSTA Mac Address 

(STAOMAC7KUX) 4 0-1 ©Mi:. ^ISST 
A 2 <D4>Bfl««r««p-rs Public Key WJyJ*-) 

4 0-24)fffl£, A P 1 WBEfforWFKiaRS T A 21Z 
»bT«ffUfciSMI*«»"r*Shared Key (yi7- 
K*-) 4 0-3Olk^5iSSnn^ o ^IT, 
A P 1 liaffliBiT-7;l/ 4 0 tO§fT«r, STA20 
K9r BEtt "5T/iHtc a»-r « 0 

[0 0 5 3] STA2tt, HSJC^-TA Plf?BSH«r- 
7/1/50*, H2*cS^t"JWI»L AN*- K 1 9-2©^ 
t'J 1 6rtfc:««rLTV*So APi«flf-7;V5 0 
tt, S T A 2 ***RIE^HI«BE*B# 
IM^^THiOtS APIOMACTK UXSfflfift 
£AP MAC Address (A POM A C 7 FUX) 5 0-10 
«fr5*MJSttT*S9, S T A 2ttAP«$BSS-r— 7 
;I/5 0O*fr4, A P l OSfrBE^THSHH^^-r 

[0054] a p i ii N m4icrmmLrc^mmmmv- 

—7/1/ 4 O^OfllSBBIieicli, S£S18?#<DSTA MAC ad 
dress 4 0-l«^Rl\ BE»C«»»*<ora— M A 

tttci^SIWJl7 1 -7/t/4 0©ft»©fT^SKtil«*» 
ft-TSo *aWO»HB»BE^7»07U— AW 

^{fciUKDHSfiSK:, A P l ii4i6SaSIf-7;l/4 0 
OSTA MAC address 4 0-1 <08*fK*rfTl/\ ili§t§¥<0 

5 T A 2 OWg«IB*^IJBBWS-r-7/l/ 4 0 <D$tHR<D 

IJMlWi-r-7/1/4 OtflgWSeftlcitU •rgHMHS 
■OT^«fcttofc»frK:tt* 4JU«llf-7;l/4b 

[0 0 5 5] S T A 2ttA P 1 tmmiC, 0 5 

TiKBfl ufc a p tt ?sB2i^-7/i/ 5 o ^com^mmmc 

tt, gS«r#<DAP MAC address 5 0- 1 ©*W5*fTl/\ 
BElcSS8i»^0|p|— M AC7F Sil'&tC 
tt, fi8fi8o«*I«i:«i: A P««Bif-7;t5 

IWBBiK7«07U— AW«fta«Oil*«fc:. ST 
A 2ttAPlfffiBa-r— 7/1/5 0 OAP MAC address 5 0 



(8) $?HU2 0 0 3 — 5 6 4 1 


- i <D&m%:fri\ mmm^<DA p 1 <ommm^A p 

7/l/±tt«Cffl«f*W*CfcT, A PflMiSa?— 7/U5 
Jfr&tCtt, APflWBBar— 7/1/5 0-|*JT?«*>Tffifcffi 

[0 0 5 6] Jfcfc, 06, 07. 08, 09*#*BL 

[0 0 5 7] **«»ttfc:l3t^Ttt, 0 1 ICTTsLtzmm 
LAN ->Xf^^ lii^AP 1 k»»SS*H-p 

Ti/^t,(0^-rSo fit, iRa-fEMWt BE 

er&te-e, APiSHisTA2) fcoBBfli, at/« 

*#a*©IEStt*EWTOC*S* fc^3*ff*IMi 

[0 0 5 8] 01 tC*5tt£ S T A 2#A P 1 4MT^ 
IW»a«*ff*55 k'TSlt'&JCtt, STA2(iftf AP 

i kwlt, ^sswo^BBaBEB^sase-rs z t& 

[0059] STA2 tt&nMBEMMfirtC. BE^jK 
?c<0A P 1 ©MAC7 KU7*ffl^TB5lC^LfcA P 
*««a-r— 7/1/ 5 0 rtOAP MAC Address 5 0-1 <D&> 
fS*ffl/\ AP««fif-7;I/5 Ol*3lCBEfi3R5fcA 
P 1 ©MAC7Kl/7^aU^l|^C^ SJIhIOB 
50 EB*fcLr0 6tc^-r^BB«BE#liH*fTV\ BES 
*JtA P 1 ©MA C 7 Kl/X^#fit5l|^li, 
tc^fSAP 1 fcO»H«BE0^7j(«^**»*'e* 
^BEi: IT, H8(cj^-r&MaffBE#«« 

[0 0 6 0] Wl30BES*i:LT04JH!«BE 
#JiiTHco^T, H6atfH7*#fHLTKWr*o 
[0 0 6 l] 06 tt, »MBBIEfl(l*^tH1?*^ 
0 7tt, »ffl«BE**fc*^Ti£*«;*ft*MA C7 
U— A^-r ^ S5 (0 3 <DFrameBody 30- 
40 3) ?:*t0t*S5o 

[0 0 6 2] 061C43^T> AP IfcWLTiMIMBE 
#*fc:J:*BEH3R*fT'3 S T A 2 tt, API tc*fLT 
1 *iM<rT£ (Xf7/S 6 1) o BE 
71/-L6 1 071/- A^^SPtt. 0 7 O (1) BE 
7U-L6 1 ic^t-JB^&oT&t), Algorithm Numb 
er (Tyl/d'JXLSf) 7 0-1-1* r n j i:U Tr 
ansaction Sequence Number ( h "5>1f ^ >/ a >>/— 
>X#^) 7 0-1-2* r i j i:l/:7l/-Ai:^o 
Tl/>5o **3. fiMaBE^MK&ttSBEI&fctt* Al 
50 gor i thm Number 70—1-1—70-4-1 tt^tc 
Tnj (nti TOJ Xtt f"i j T*4^ffitoa) T*£3
t>0^^^-r^> 0 Algorithm Number 7 0-1-1—70 
-4-1* T n J fc-TSCi: Shared Key7?^lc: 

cfc « BE$K k EE'J net tmHk t ftr« o 

[0 0 6 3] Xf'y/S 6 1 TS T A 2 fre^UHBBSE 
S**$fiLftAPltt, BE7l/-A6 2Sffl^tA 
P 1 <D&ft? %>ZL—4f SEWm* S T A 2 tc*t LTi£{f "T 
§ Uf7 y S 6 2 ) o BIE7 U— A 6 2 tt, 0 7 <D 

(2) BE7b-A6 2fC^Tff25££&oT*5^ Algo 
rithm Number 7 0-2- 1 f2S5i££>ii5 T n j 
Transaction Sequence Number 70-2-2(i T2J 
T\ APOa— tfSEWS 70-2-3 API Offi^-T £ 
a— tfEflH» (^IfEW^ftM-J-SAP l ©iUHJtt 
4feftlftfeO) *}SAl/ft7l/-At4oT^o 

[0 0 6 4] 7f77S 6 2 T'A P 1 A^EIE7 U— A 
6 2£§{f LfcS T A 2tt. APl*^SiLftAPl 
Oa-iflEBgSOF*gg«r«HLT. AP l oa— UTfiEW 
SOttliEjBfSlcRISO^v^c fc^BEtSi:, A p i <o 
i-ifSEW»teJBf*atifc»M«*flit^T, S T A 2 © 

3) o f lt> U^fffcLTcS T !fEWl»*\ 
S T A 2©a-1flEW»K:WIBrr* S T A 2 (D4>BB»k 
ftlC, BE7U— A6 3*ffl^TAP UCttLTSSflT 
5 6 4) o BII7U™ A 6 3t±, MKD 

(3) BI71/-A6 3te*-rjBSCfcaoTS3 5, Algo 
rithm Number7 0-3- ltetu^OilD T n j T^^, 
Transaction Sequence Number 70-3-2(i T3J 

t\ AP<D<&mmvv§mtLfcsn <DJL-*fwmmi o- 

[0 0 6 5] 6 4T'BE7 U-A 6 3^§fS 

LfcAP ltt, APtO^BBjtTBS^fkLfcSTA ©a-lfE 
7 0 - 3 - 3 * A P 1 08»a7«^t IT, ST 
A 2<Da-lfEPfl«ortg*«EU S T A 2<Dn— tf 
EEW»0*EIS**cia«0*ti^c fc*»BT* k, -Xlc 

^mt#mm*^i& u s t a 2 oa.— tfSEw»tc»f5f 

-A 6 4»TS T A2*c2SfIU. KHWRT^iffitt-r 
£ (Xf77S 66)0 B!E7 A 6 4 ti, HI 7 <D 

(4) BH7U-A6 4tS1-»ai:4oTfi5, Algo 
r i thm Number 7 0 — 4 — l tituSEOji 0 r n J VS> K> > 
Transaction Sequence Number 7 0-4 — 2 T4J 
T\ STA 04iBfl«-effif#{b Lfcttili! 7 0 - 4 - 3 
»DL/*;7l/-Afc&oTt^o **5> HI 7 tC^LfcStat 
us Code 7 0 - l - 9 , Status Code 7 0-2-9. St 
atus Code 7 0-3-9 Status Code 70-4-9 

[0 0 6 6] fOf, X-r-y 7*S 6 6 TAP l A* 6 BE 
7 A 6 4 Lfc S T A 2 M\ STA <D'j*mmVBS 
mtLfzPkmm 7o-4-3^sta2 o«sas»T*«^

tCfT^>n^M*3Sfl(C4otto7U-A0S^fbtC, 
i^t^Cti:^:^ (XT77S 6 7) o «±0» 
ttfcJ:^ »PMtBE#MH*<»7fcaO, STA 
2tAP lBT^U-Aeg^ftiM^tenSCfctft 

[0 0 6 7] #lc, PIBE^f7ton«RRO&RIttllBE 

^niitcot^T, H8arfH9*#BauTKw-r« 0 

/0 [0068] H}8ti, ^Bfl«WBE¥«B*^-riaT* 
>K d9te, &HmBE¥IWc«t^TaBMISti«M 
A C7U- A<D7U— A4vr-<g[$ ((^ 3 ©FrameBody 3 

0-3) ^-riaTftSo 

[0 0 6 9] i8ttVT, EES*ftOAPHC«L 
Tifi£*c^M«KH^THaofeS STA2I4, i>H88l 
SIIESS^LTAP 1 tc*fLTBiiE7l/-A8 1 
flf^ (X7^y:/S 8 1 ) o EE7U-A8 1 <£>7U— 
A#-r-r8IK±* 0 9 CO (1) EK7U-A8 1 lc^*T^ 
it££:oT:foCu Algorithm Number (TH^UXAS 
20 ^) 9 0 — 1 — 1 TmJ t L> Transaction Sequence 

Number ( h v>+f yy^yxi^) 90—1 
-23: r l j fcbf:7U-Afcft-3t^ 0 fc*5, 4*|Jfl 
»BBE¥HElcfctt£BEB$lcJ±, Algorithm Number 9 
0-1-1—90-2-1 tilSfc: Tmj (mti l~0j £ 

rij £ Tnj t»*l/^tt«EO») T*feSt<Di:SSt- 
£ Q Algorithm Number 9 0 — 1 — 1—90 — 2 — l£r 

Tmj fc-TScfclcfctK H6fciFLfc£tHttBE#JH 

[0 0 7 0] Xf7ys 8 1 T'S T A 2A^64^BH«WB 
50 IiEMA)<^§{f LfcA P Mi, API tf«i*LT^*BI4 

ES5R*2S« Lfc STA2CMAC7H UX^STA Mac 
Address 4 0 - 1 Uz^at-SfrlfcSRfcfT? (Xf7/S 

8 2) o fit, u ^ntc»/s*r§ 

4>M»*Public Key 4 0 - 2 OffiJtCfS^ LTl^S C i:^r 

mmi,rcm&ia^ ap ni^^s t a 2KMLrm^. 

"t—7)V4 OOPublic Key 4 0 - 2 *^6ffi»Lfc4>BH« 
(SKS T A 2<D1^BB») ^ffil^TBg^ftr^ (X-r*y 
^0 yS8 3) o fit, W^tLfc*f#a»*, BE7U 
-A8 2^ffil>TSTA2tC^fi'r^ Uf7yS8 
4) o BK71/-A8 i9(D (2) B!l7b-A 

8 2tc^-r^5K^^oT^3 0, Algorithm Number 9 0- 
2 — 1 (imj3$^0jlD r rn j T$>!3 N Transaction Sequen 
ce Number 9 0-2-2te T2J T\ STA O^DflStT'Bg 
#f t L te«f Aiffltt 90-2-3*f**PLfc7U-Afc3S: 
^t^So ^4o, !E19tc^L/cStatus Code 9 0-1- 

9 RZf Status Code 90-2-9li, 7 ASflfigiJb 

50 rfeSo 






